highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

matroskadec: prevent access of elements after freeing

Browse Source 
Using the decode interrupt feature of ffmpeg may cause crashes by
accessing previously freed pointers in matroska_read_close.

To prevent this reset nb_elem to zero after freeing the elements,
because ffmpeg normally tests for nb_elem.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Michael Schenk
2016-11-25 09:36:20 +01:00
committed by Andreas Cadhalpun
parent 2475858889
commit 18b9466937
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libavformat/matroskadec.c
View File

@@ -1237,6 +1237,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data)
j++, ptr += syntax[i].list_elem_size) j++, ptr += syntax[i].list_elem_size)
ebml_free(syntax[i].def.n, ptr); ebml_free(syntax[i].def.n, ptr);
av_freep(&list->elem); av_freep(&list->elem);
list->nb_elem = 0;
} else } else
ebml_free(syntax[i].def.n, data_off); ebml_free(syntax[i].def.n, data_off);
default: default: